| Title | SourceCodester Human Resource Information System V0.1 Unrestricted Upload |
|---|
| Description | During a comprehensive security assessment of the PHP-based Human Resource Information System, a critical file upload vulnerability was identified in /Admin_Dashboard/process/editemployee_process.php. This vulnerability stems from the application's inadequate validation of user-uploaded files. Attackers can exploit this flaw to upload malicious executable files using techniques such as file extension spoofing, MIME type manipulation, or double extension tricks. Once uploaded and executed on the server, these files can lead to significant security breaches, including unauthorized server access and data theft. Crucially, this vulnerability allows unauthenticated attackers to achieve remote code execution by uploading malicious files. Immediate remediation is essential to mitigate these risks.
|
|---|
| Source | ⚠️ https://github.com/lrjbsyh/CVE_Hunter/issues/4#issue-3320892747 |
|---|
| User | M00n_L33 (UID 88858) |
|---|
| Submission | 08/14/2025 17:31 (8 months ago) |
|---|
| Moderation | 08/25/2025 17:19 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 321344 [SourceCodester Human Resource Information System 1.0 editemployee_process.php employee_file201 unrestricted upload] |
|---|
| Points | 20 |
|---|